Encrypting whole call recordings

You can encrypt an entire whole call recording using one of these methods:

• Set the wcr_encrypt parameter to 1 (or TRUE) in an application’s session.xml file.

  This encrypts whole call recordings for the application.

• Set the server.rtp.wcr.encrypt service property to 1 in the Management Station.

  This encrypts whole call recordings for all applications using this Speech Server.

As with secure_context encryption, the public encryption_key must be specified in the application’s session.xml file in order for the encryption to work. If you try to encrypt whole call recordings when there is no encryption_key, Voice Platform throws an alarm, and the whole call recording is not recorded.

The normal rules of precedence apply. That is, a wcr_encrypt setting in a session.xml file takes precedence over the server.rtp.wcr.encrypt setting if they are different.

Note: The wcr_encrypt and server.rtp.wcr.encrypt parameters affect whole call recording only. They do not affect logging to the call logs or diagnostic logs, nor the recording of user utterances as individual waveforms—to do so, use a secure context property (for call logs and utterance recordings) or a service property (for diagnostic logging) instead.

An encrypted whole call recording ends in a *.enc extension. To decrypt such a recording, use the nr_decrypt utility (see Decrypting encrypted files).

When you encrypt an entire whole call recording, the swirec.secure_context and switts.secure_context properties do not mute items within the recording, although they do encrypt call log information and individual utterances as normal. To mask items within the encrypted recording with silence, use the swirec.mute_wcr and switts.mute_wcr properties (see Mute whole call recording for more information).